Use of sess_time_to_update

[eluser]veliscorin[/eluser]
Hi all

From what I understand, sess_expiration means how long of inactivity before CI clears the session. And sess_time_to_update means the period of time before CI will change the id to a new id.

However, my application requires me to store some form of identification of an anonymous user. Thus I am thinking of using the session id as an identifier in my tables. So for example when a user comes to the site, he is given an id "abcd". I then store data in my tables so that I know those records belong to him. But after X amount of time when CI updates the session id, the same session now has a new id of "efgh". Then my data becomes incorrectly related to the user.

Is there anyway that I could work around this?

Regards
Lee

[eluser]dmorin[/eluser]
I had to do something similar once. My solution was not to use the session id but to create an additional field in the session that contained a long-term id (that's what I called it) that wouldn't get updated when the session ID was regenerated. I ended up just extending the session class and in the function that creates the session, I add a field to the userdata portion and store an MD5 or SHA1 hash in it. That way every new session has a long-term-id by default. You also don't loose out of the security feature of quickly updated session ids.

CI 2.0 FEATURE REQUEST:
Add hooks/events to the session library
pre-create, post-create, pre-update-id, post-update-id, etc

[eluser]veliscorin[/eluser]
Yea I have thought of something like that too. I kind of called it "token", in the session userdata. Like you said, this way the userdata is preserved whenever the id regenerates. Thanks for your input though, at least I know that I'm not the only one doing it (I thought it was kind of a bad idea to do it at first)



Cheers